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DETAILED ACTION 

1 . This action is in response to communications filed March 6, 2008. 

2. Claims 1-97 are pending in this application. Claims 1-20, 23-55, 58-64, 66, 68- 

72, 74-82, 90-91 , 93, and 95-97 are currently amended. Claims 21-22, 56, 57, 65, 67, 

73, 83-89, 92, and 94 have been previously presented. 

3. This application claims priority to provisional application number 60/457,357 filed 
March 26, 2003. 

Claim Objections 

4. Claim 82 is objected to because it is labeled, "(previously presented)" while the 
annotations suggest that it is currently amended. Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

6. Claims 1-97 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Gardner (Pub. No. 2002/0013904). 



Application/Control Number: 10/808,166 Page 3 

Art Unit: 2157 

7. With respect to claims 1 , 9, and 1 7, Gardner discloses an apparatus, method and 
computer program product (paragraph [0025], lines 1-7) comprising: a processor 
configured to send and receive (paragraph [0039]), to and from a client (paragraph 
[0029], line 4, user), a set of a plurality of labels identifying a plurality of elements of an 
authentication matrix (paragraph [0026], whereby the "label" is anticipated by Gardner's 
"grid references" in line 4, and the "element of an authentication matrix" is anticipated by 
Gardner's "particular character"; note that Gardner's use of the terms "table" and "grid" 
throughout are, hereinafter, equated to the "matrix", see paragraph [0015], lines 3-7), 
the authentication matrix including a plurality of elements organized in one or more 
columns or rows (paragraph [0055], lines 3-5), each element capable of being identified 
by a label (paragraph [0027]) that identifies the column and row of the respective 
element (paragraph [0055], lines 1-4), the set of labels being unknown at the client until 
the set of labels is sent thereto (paragraph [0061]), wherein the processor is configured 
to receive a passcode (paragraph [0026], whereby the "passcode" is anticipated by 
Gardner's VPIN) from the client formulated based upon the elements identified by the 
received set of labels (paragraph [0027]), and wherein the processor is configured to 
authenticate the client based upon the formulated passcode (paragraph [0030]). 

8. With respect to claims 2, 1 0, 1 8, 26, 34, 43 and 52, Gardner discloses the 
apparatus and method according to claims 1, 9, 17, 25, 33, 42, and 51 respectively, 
wherein the processor is configured to send a set of labels (paragraph [0061]), receiving 
a formulated passcode (paragraph [0095], lines 1-5) and authenticating the client a 
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plurality of times (paragraph [0096], lines 5-9), and wherein the processor is configured 
to send each set of labels such that the sent set of labels differs from each previously 
sent set of labels (paragraph [0025], lines 1-10, the required VPIN input code, which 
varies on each and every occasion of use). 

9. With respect to claims 3, 1 1 , 19, 27, 35, 44, and 53, Gardner discloses the 
apparatus and method according to claims 1, 9, 17, 26, 33, 42 and 51 respectively, 
wherein the processor is configured to generate a passcode based upon elements 
selected from the authentication matrix (paragraph [0026]), wherein the processor is 
configured to send a set of labels identifying the selected elements (paragraph [0061]), 
and wherein the processor is configured to authenticate the client further based upon 
the generated passcode (paragraphs [0085-0086]). 

1 0. With respect to claims 4, 12, 20, 28, 36, 45, and 54, Gardner discloses the 
apparatus and method and method according to claims 3, 11, 19, 27, 35, 44 and 53 
respectively, wherein the processor is configured to provide, to the client, an 
authentication matrix stored in a database (paragraph [0046]), wherein the processor is 
configured to generate a passcode based upon elements selected from the 
authentication matrix stored in the database (paragraph [0085]), and wherein the 
processor is configured to receive a passcode formulated based upon elements of the 
authentication matrix provided to the client corresponding to the elements selected from 
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the authentication matrix stored in the database (paragraphs [0045-0048]; Figure 2; 
paragraph [0086]). 

1 1 . With respect to claims 5, 1 3, 21 , 29, 37, 46 and 55, Gardner discloses the 
apparatus and method according to claims 4, 12, 20, 28, 36, 45, and 54 respectively, 
wherein the database is configured to store a plurality of authentication matrices 
(paragraphs [0049]-[0050]), each authentication matrix associated with a different client 
(paragraphs [0049]-[0050]), wherein the processor is configured to provide, to the client 
being authenticated, an authentication matrix associated with the respective client 
(paragraphs [0049]-[0050]), and wherein the processor is configured to generate a 
passcode based upon elements selected from the authentication matrix stored in the 
database and associated with the respective client (paragraph [0038]). 

12. With respect to claims 6,14, 22, 30, 38, 47 and 56, Gardner discloses the 
apparatus and method according to claims 5, 13, 21, 29, 37, 46 and 55 respectively, 
wherein the processor is configured to receive at least one piece of identifying 
information associated with the client being authenticated (paragraph [0038], lines 1-4), 
and thereafter identifying, from the plurality of authentication matrices stored in the 
database, the authentication matrix associated with the client being authenticated based 
upon the at least one piece of identifying information (paragraph [0038], lines 1-4), and 
wherein the processor is configured to generate a passcode based upon elements 
selected from the identified authentication matrix (paragraphs [0061]-[0062]). 
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1 3. With respect to claims 7, 1 5, 23, 31 , 40, 49, and 58, Gardner discloses the 
apparatus and method according to claims 3, 11, 19, 27, 36, 45 and 54 respectively, the 
processor is configured to generate a passcode further based upon a personal 
identification number (PIN) associated with the client (paragraph [0042], lines 1-3), and 
wherein the processor is configured to receive a passcode formulated further based 
upon the PIN (paragraph [0027]). 

14. With respect to claims 8, 1 6, 24, 32, 41 , 50 and 59, Gardner discloses the 
apparatus and method according to claims 7, 15, 23, 31, 40, 49 and 58 respectively, 
wherein the processor is configured to generate a passcode including elements 
selected from the authentication matrix and the PIN in a variable position with respect to 
the selected at least one element (paragraph [0061]), wherein the processor is 
configured to receive a passcode formulated to include the identified elements and the 
PIN in the variable position with respect to the identified elements, and wherein the 
processor is configured to authenticate the client by identifying a match between the 
generated passcode and the formulated passcode (paragraphs [00070], [0074], and 
[0086]). 

1 5. With respect to claim 60, Gardner discloses the apparatus according to Claim 1 , 
wherein the processor is configured to send a set of labels to the client in response to 
the client effectuating logging in, logging in including prompting the client for at least one 
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piece of identifying information (paragraph [0041]), and receiving the at least one piece 
of identifying information from the client, the at least one piece of identifying information 
comprising a user name and a password (paragraph [0042]) associated with a client 
user. 

16. With respect to claim 61 , Gardner discloses the apparatus according to Claim 6, 
wherein the at least one piece of identifying information received by the processor is 
capable of identifying the client to an organization independent of the authentication 
matrix associated with the client (paragraph [0097]; wherein an "organization" is 
anticipated by a Trusted Third Party acting as an administrator of the prior art system). 

1 7. With respect to claim 62, Gardner discloses the apparatus according to Claim 9, 
wherein the processor is configured to receive a set of labels in response to the 
apparatus or user effectuating logging in, logging in including the apparatus or user 
being prompted for at least one piece of identifying information, and sending the at least 
one piece of identifying information, the at least one piece of identifying information 
comprising a user name and a password associated with a client user (paragraphs 
[0041-0042]). 

18. With respect to claim 63, Gardner discloses the apparatus according to Claim 1 4, 
wherein the at least one piece of identifying information sent by the processor is 
capable of identifying the apparatus or user to an organization independent of the 
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authentication matrix associated with the respective apparatus or user (paragraph 
[0097]; wherein an "organization" is anticipated by a Trusted Third Party acting as an 
administrator of the prior art system). 

19. With respect to claim 64, Gardner discloses the method according to Claim 17, 
wherein sending a set of labels comprises sending a set of labels in response to 
effectuating logging in, logging in including prompting the client for at least one piece of 
identifying information, and receiving the at least one piece of identifying information, 
the at least one piece of identifying information comprising a user name and password 
associated with a client user (paragraphs [0041-0042]). 

20. With respect to claim 65, Gardner discloses the method of Claim 22, wherein 
receiving the at least one piece of identifying information comprises receiving at least 
one piece of identifying information capable of identifying the client to an organization 
independent of the authentication matrix associated with the client (paragraph [0097]; 
wherein an "organization" is anticipated by a Trusted Third Party acting as an 
administrator of the prior art system). 

21 . With respect to claim 66, Gardner discloses the computer program product 
according to Claim 25, wherein the first executable portion is configured to send a set of 
labels in response to effectuating logging in, logging In including prompting the client for 
at least one piece if identifying information, and receiving the at least one piece of 
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identifying information, the at least one piece of identifying information comprising a 
user name and a password associated with a client user (paragraphs [0041-0042]). 

22. With respect to claim 67, Gardner discloses the computer program product 
according to Claim 30, wherein the at least one piece of identifying information 
comprises received by the sixth executable portion is capable of identifying the client to 
an organization independent of the authentication matrix associated with the client 
(paragraph [0097]; wherein an "organization" is anticipated by a Trusted Third Party 
acting as an administrator of the prior art system). 

23. With respect to claim 68, Gardner discloses the apparatus according to Claim 33, 
wherein the processor is configured to send a set of labels in response to effectuating 
logging in, logging in including prompting the client for at least one piece of identifying 
information, and receiving the at least one piece of identifying information, the at least 
one piece of identifying information comprising a user name and password associated 
with a client user (paragraphs [0041-0042]). 

24. With respect to claim 69, Gardner discloses the apparatus according to Claim 39, 
wherein the at least one piece of identifying information received by the processor is 
capable of identifying the client to an organization independent of the authentication 
matrix associated with the client (paragraph [0097]; wherein an "organization" is 
anticipated by a Trusted Third Party acting as an administrator of the prior art system). 
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25. With respect to claim 70, Gardner discloses the apparatus according to Claim 42, 
wherein the processor is configured to receive a set of labels in response to effectuating 
logging in, logging in including the apparatus or user being prompted for at least one 
piece of identifying information, and sending the at least one piece of identifying 
information, the at least one piece of identifying information comprising a user name 
and password associated with the user (paragraphs [0041-0042]). 

26. With respect to claim 71 , Gardner discloses the apparatus according to Claim 48, 
wherein the at least one piece of identifying information sent by the processor is 
capable of identifying the apparatus or user to an organization independent of the 
authentication matrix associated with the apparatus or user (paragraph [0097]; wherein 
an "organization" is anticipated by a Trusted Third Party acting as an administrator of 
the prior art system). 

27. With respect to claim 72, Gardner discloses the method according to Claim 51 , 
wherein sending a set of labels in response to effectuating logging in, logging in 
including prompting the client for at least one piece of identifying information, and 
receiving the at least one piece of identifying information, the at least one piece of 
identifying information comprising a user name and password associated with a client 
user (paragraphs [0041-0042]). 
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28. With respect to claim 73, Gardner discloses the system according to Claim 57, 
wherein receiving the at least one piece of identifying information comprises receiving at 
least one piece of identifying information capable of identifying the client to an 
organization independent of the authentication matrix associated with the client 
(paragraph [0097]; wherein an "organization" is anticipated by a Trusted Third Party 
acting as an administrator of the prior art system). 

29. With respect to claims 74, 82, and 90, Gardner discloses the apparatus, method, 
and computer program for authenticating a user (paragraph [0025], lines 1-7) 
comprising: a processor (paragraph [0025], lines 1-3, Master System) configured to 
prompt a user (paragraph [0025], lines 1-3) for at least one piece of identifying 
information associated with the user (paragraph [0051]), the user being prompted during 
effectuation of logging in (paragraphs [0041-0042]), wherein the processor is configured 
to receive the identifying information in response to prompting the user (paragraph 
[0040], be approached by the master system), wherein the processor receiving the 
identifying information invokes an authentication procedure (paragraph [0025], lines 1- 
7), the authentication procedure comprising: selecting a set of labels identifying 
elements of an authentication matrix (paragraph [0027], grid reference system), wherein 
the authentication matrix includes a plurality of elements organized in one or more 
columns and rows (paragraph [0055], lines 1-5), each element capable of being 
identified by a label that identifies the column and row of the respective element 
(paragraph [0026], whereby the "label" is anticipated by Gardner's "grid references" in 
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line 4, and the "element of an authentication matrix" is anticipated by Gardner's 
"particular character"); providing the selected set of labels to the use, the set of selected 
labels being unknown to the user until the set is provided (paragraph [0073]); receiving 
a passcode from the user in response to providing the set of labels (paragraph [0026]), 
the passcode having been formulated based upon the elements identified by the 
provided set of labels (paragraph [0027]); and authenticating the user based upon the 
received passcode (paragraph [0086]). 

30. With respect to claims 75, 83, and 91 , Gardner discloses the apparatus, method, 
and computer program according to claims 74, 82, and 90 respectively, wherein the 
entity is capable of prompting the user and receiving the identifying information for each 
of a plurality of instances of logging in, and wherein the entity receiving of the identifying 
information for each instance invoked the authentication procedure such that the set of 
labels provided for the respective instance differs between the set of labels provided for 
each previous instance (paragraph [0025], lines 1-7). 

31 . With respect to claims 76, 84, and 92, Gardner discloses the apparatus, method, 
and computer program according to claims 75, 83, and 91 respectively, wherein the 
entity receiving of the identifying information of each instance invokes the authentication 
procedure such that the received passcode is unique to the respective instances 
(paragraph [0025], lines 1-7). 
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32. With respect to claims 77, 85, and 93, Gardner discloses the apparatus, method, 
and computer program according to claims 74, 82, and 90 respectively, wherein the 
entity is capable of receiving at least one piece of identifying information such that the 
authentication procedure further comprises: identifying, from a plurality of authentication 
matrices, the authentication matrix associated with the client being authenticated based 
upon the at least one piece of identifying information, the selected set of labels 
identifying elements of the identified authentication matrix (paragraph [101]). 

33. With respect to claims 78, 86, and 94, Gardner discloses the apparatus, method, 
and computer program according to claims 77, 85, and 93 respectively, wherein the at 
least one piece of identifying information received by the entity is capable of identifying 
the client to an organization independent of the authentication matrix (paragraph [0097]; 
wherein an "organization" is anticipated by a Trusted Third Party acting as an 
administrator of the prior art system). 

34. With respect to claims 79, 87, and 95, Gardner discloses the apparatus, method, 
and computer program according to claims 74, 82, and 90 respectively, wherein the 
entity is capable of receiving at least one piece of identifying information such that the 
authentication procedure includes receiving a passcode having been formulated further 
based upon a personal identification number (PIN) associated with the client (paragraph 
[0027]). 
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35. With respect to claims 80, 88, and 96, Gardner discloses the apparatus, method, 
and computer program according to claims 79, 87, and 95 respectively, wherein the 
entity is capable of receiving at least one piece of identifying information such that the 
authentication procedure includes receiving a passcode having been formulated 
including at least one element selected from the authentication matrix and the PIN in a 
predefined position with respect to the selected at least one element (paragraph [0070]). 

36. With respect to claims 81 , 89, and 97, Gardner discloses the apparatus, method, 
and computer program according to claims 74, 82, and 90 respectively, wherein the 
identifying information received by the entity comprises a user name and password 
associated with the user (paragraphs [0041-0042]). 

Response to Arguments 

37. Applicant's arguments filed March 6, 2008, have been fully considered but they 
are not persuasive. 

38. With respect to claim 1 , the applicant argues on page 32 that Gardner does not 
teach or suggest an apparatus for authenticating a client in which a set of labels 
identifying columns/rows of a matrix including elements from which a passcode is 
formulated are unknown at the client until that set is sent to the client. The applicant 
further argues that in every embodiment of Gardner, the user knows upfront the grid 
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references from which the VPIN is derived. It is Gardner's VPIN which anticipated the 
applicant's passcode. 

39. The examiner respectfully disagrees with the applicants arguments, because 
Gardner discloses in paragraph [0035] that, "An additional factor is whether or not the 
system is to be interactive: if it is, then differentiation between successive VPIN input 
attempts may be taken care of automatically by the Master System requiring a specific 
VPIN randomly generated from the known criteria. For example, the input required may 
consist of characters for the Weekday, Date and Month of input together with say 3 of a 
5 digit fixed PIN, with successive inputs on a single day requiring different fixed PIN 
inputs and the characters for the W, D & M in a different randomly generated order 
(producing theoretically 720 different inputs for a single day)." The interactive system of 
Gardner provides a clear illustration of the passcode (VPIN) being unknown to the user 
until the user receives the requirements from the master system. 

40. With respect to claim 1 , the applicant further argues on page 33 that Gardner's 
disclosure in paragraph [0033] that the VPIN is formulated by, "precisely indicating 
which grid reference applies to a particular and specific use." This is simply one 
embodiment of Gardner's invention, whereby a non-interactive mode is being described. 
But other embodiments are not limited to the non-interactive mode, as later described in 
paragraph [0035], and explained above. 
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41 . With respect to claim 1 , the applicant further argues on page 33 that even in the 
interactive mode of Gardner's invention, whereby the passcode is unknown to the user 
until the set of labels is sent thereto, that the grid references remain predetermined and 
therefor that set is known. However, this interpretation appears incomplete. For proper 
authentication in either Gardner's system or the instant invention, as disclosed in the 
applicant's specification on page 15, lines 24-27, the "correct order" is essential. 
Therefor, the "correct order" of that set is a determining factor as to whether or not the 
set of labels is known by the user. 

Conclusion 

42. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

43. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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44. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BLAKE RUBIN whose telephone number is (571 ) 270- 
3802. The examiner can normally be reached on M-R: 8:00-5:00. 

45. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (571 ) 272-4001 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

46. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

BJR 



/Ario Etienne/ 

Supervisory Patent Examiner, Art Unit 2157 



